If your smartphone has remote desktop apps like TeamViewer, AnyDesk and Zoom installed then you will not be able to use the online payment app: Paytm.
Yes, you read it right.
Paytm has been flagging these apps and a few more as a security threat through a pop-up alert, asking users to uninstall those to be able to use its app.
If users choose not to uninstall the red-flagged apps, they would not be able to perform any transaction on Paytm.
The Entrackr team used the Paytm app while some remote desktop apps were installed and was immediately shown the pop-up alert. Several Paytm users found the security alert pop-up on the Paytm app a bit odd and raised their concerns.
“This is an attack on user privacy. Why is Paytm interested in what apps I use and what I should not?” Mohit Sharma, who uninstalled Paytm after he was asked to uninstall a few apps on his phone, told Entrackr.
Many Paytm users took to the micro-blogging site Twitter to express similar concerns. While the SoftBank-backed firm has been asking users to uninstall the aforementioned apps on the pretext of security threats, its own mobile application is notorious for collecting all kinds of “confidential data” from its users.
When a user installs the Paytm app and agrees to its terms and conditions, it gets access to the user’s phone status and identity, permission to read sensitive log data, modify or delete the content of the user’s USB storage, record audio, track location and read calendar events, among others.
For a payment app to seek access to all these private details raises serious privacy-related questions. Why does it need access to all this private information of users?
In response to Entrackr’s queries, a Paytm Payments Bank spokesperson said, “Android permits many apps on its platform that can be used for remote access. This is a security risk as often such apps are used to steal confidential financial information from users. Therefore, once our users permit, we scan the device for any such remote access or screen sharing apps. These scans happen on the device itself and no data is shared or stored at the backend. We would welcome if the Operating System itself includes a security feature where apps can choose not to be recorded in any way. Users’ privacy & security is of utmost importance to us and would like our users to use all apps in a safe & secure manner.”
However, the company did not explain why it is collecting all that confidential information.
“None of what Paytm is doing now is necessary to prevent other apps from snooping. Since Android 4.2 (released in 2012), the OS itself provides secure compositing surfaces with FLAG_SECURE feature which prevents secure content from being seen or snooped by other apps or even the OS built-in screenshot facility,” said Kingsly John, who is a Linux and Open Source generalist, with a keen interest in security and privacy aspects of emerging technologies.
Paytm could use this feature and not worry about what other apps are running on the device, John added, explaining to Entrackr how it can work.
Meanwhile, a response from a user to a tweet thread on the alert pop-up issue referred to the Netflix show Jamtara based on scammers targeting unsuspecting users on payment apps.
A reply from Twitter user Himanshu Gupta read, “I’m sure you know about Jamtara. I don’t work with Paytm but I’m assuming that’s a call they took. The solution is probably Google Play introducing permissions where Paytm app can say it won’t run when TeamViewer is running — so then you don’t have to uninstall TeamViewer.”
In a response to the tweet, former Paytm executive Deepak Abbot backed his ex-employer for taking this security measure.
Paytm too responded to a question posted on Twitter and said that the pop-up is part of their security feature designed to prevent fraud, by not letting fraudsters use these apps.
This is not the first time that Paytm has taken such a step.
Last year, the Vijay Shekhar Sharma-led firm had warned users against downloading remote desktop apps to get their KYC done after the cybersecurity and IT examination cell of the Reserve Bank of India (RBI) issued an alert to banks over rising cases of online frauds.
Paytm Payments Bank now claims to work with the RBI, Telecom Regulatory Authority of India (TRAI), Ministry of Electronics and Information Technology (MeitY), banks and telcos to ensure that customers do not get duped by fraudsters.
Recently, Paytm had also filed cases against online fraudsters. According to Noida police’s cyber wing, the company last month filed an FIR against 3,500 numbers which, it believes, are behind such frauds.
Update: The article has been updated post-publication.